SSH Root Access Restriction openSUSE Leap 16.0

SSH Root Access Restriction openSUSE Leap 16.0


Applies To

OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0.

Problem

After upgrading to openSUSE Leap 16.0, SSH root login with a password no longer works. Customers who previously accessed their systems remotely as root via password authentication will be locked out after the upgrade.

Reference: openSUSE Leap 16.0 Release Notes – JSC-PED-4965

Cause

openSUSE Leap 16.0 disables password-based SSH root login by default, in line with modern Linux security standards. This change reduces the risk of brute-force attacks targeting the root account.

Solution/Workaround

One of the following must be configured before performing the upgrade:

Option 1 — SSH Key Authentication for Root (Recommended) Replace password login with key-based authentication for the root user.

  1. On the client machine, generate an SSH key pair (if not already available):
    1. ssh-keygen -t ed25519
  2. Copy the public key to the target server:
    1. ssh-copy-id root@<server-ip>
  3. Verify key-based login works before upgrading:
    1. ssh root@<server-ip>

Option 2 — Create a Non-Root User with sudo Privileges Use a non-root account for remote access post-upgrade.

  1. Create a new user:
    1. useradd -m -s /bin/bash -c "Test User" testuser
    2. sudo passwd testuser
  2. Grant sudo privileges:
    1. usermod -a -G wheel testuser
  3. Verify the user can log in via SSH and run sudo commands before upgrading.

    • Related Articles

    • Upgrading the distribution from openSUSE Leap 15.6 to 16.0

      Users of Cryptshare Appliance version 7.7.0 should be aware of several critical changes introduced alongside this release. Version 7.7.0 includes the ability to upgrade the underlying operating system from openSUSE Leap 15.6 to openSUSE Leap 16.0. As ...

    • Network Interface Naming Changes in openSUSE Leap 16.0

      Inhaltsverzeichnis 1 Applies To 2 Problem 3 Cause 4 Solution/Workaround Applies To OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0. Problem After upgrading to openSUSE Leap 16.0, network interfaces are renamed from legacy names (e.g., ...

    • Minimum Hardware Requirements for openSUSE Leap 16.0

      Inhaltsverzeichnis 1 Applies To 2 Problem 3 Cause 4 Solution/Workaround Applies To OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0. Problem Systems that do not meet the minimum hardware requirements for openSUSE Leap 16.0 may fail to ...

    • Temporary Directory No Longer Persistent in openSUSE Leap 16.0

      Inhaltsverzeichnis 1 Applies To 2 Problem 3 Cause 4 Solution/Workaround Applies To OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0. Problem After upgrading to openSUSE Leap 16.0, any files stored in /tmp are permanently deleted on ...

    • Updating openSUSE manually

      Inhaltsverzeichnis 1 Applies To 2 Problem 3 Cause 4 Solution/Workaround 4.1 Step 1: Updating the existing operating system to the latest version 4.2 Step 2: Manually OS upgrade to openSUSE-15.6 4.3 Step 3: Starting Freshclam Timer and ClamAV Service ...